Linux/Tipps/Gentoo/Kernel: Unterschied zwischen den Versionen

Zeile 266: Zeile 266:
==Crypto XTS support ==
==Crypto XTS support ==
* CRYPTO_XTS: '''Cryptographic API -> XTS support''' = y
* CRYPTO_XTS: '''Cryptographic API -> XTS support''' = y
== Microcode patches for Spectre ==
See also https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre and https://wiki.gentoo.org/wiki/Intel_microcode and https://www.heise.de/security/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-Linux-und-Windows-3994347.html.
Check processor and microcode version (before and after changes):
dmesg | grep microcode
emerge --ask --noreplace sys-firmware/intel-microcode sys-apps/iucode_tool
iucode_tool -S --write-earlyfw=/boot/early_ucode.cpio /lib/firmware/intel-ucode/*
* CONFIG_BLK_DEV_INITRD: '''General setup -> Initial RAM filesystem and RAM disk (initramfs/initrd) support''' = y
* CONFIG_MICROCODE: '''Processor type and features -> CPU microcode loading support''' = y
* CONFIG_MICROCODE_INTEL: '''Processor type and features -> Intel microcode loading support''' = y
Need newer genkernel for --microcode option:
vi /etc/portage/package.keywords
emerge --ask genkernel
genkernel --microcode --kernel-config=.config --no-clean --makeopts=-j5 all
1.103

Bearbeitungen